Android phone bricked by "security feature"?

[Energize]

So a colleague who I ordered a corporate phone for, has after factory resetting her phone apparently forgotten the google account she used when originally setting the phone up, the phone now appears to be basically bricked by this Android "security feature". The phone just keeps asking for the original google account associated with the phone in order to start it, this just seems like the stupidest "feature" I have ever come across and apparently according to another colleague has resulted in the business writing off over £1k worth of phones this year alone due to other colleagues doing the same thing. This is costing the business far more than the occasional theft of phones.

Is there absolutely no way to get into the phone with adb to unlock it?

And of greater concern is my personal phone, in case for some reason I can no longer get into the google account associated with my phone, that will be a £400 phone written off. Is there no way to remove this odious "feature" from my Android 9 phone?

 

[scrivz69]

The only way I know to stop this happening on a factory reset is to delete the account before resetting it and the it should be fine and not ask for the password. To late now I know but might be useful in the future. Apart from that I have no idea how to sort this one.

 

[james.miller]

Android FRP.

You're supposed to remove the account first before factory resetting, that's if you intend to move the device on of course. There are videos out there on bypassing FRP after a factory reset but I don't know if they work on the latest security patches - you'll have to try.

according to another colleague has resulted in the business writing off over £1k worth of phones this year alone due to other colleagues doing the same thing. This is costing the business far more than the occasional theft of phones.

If the IT department handled the primary accounts on those phones, that wouldn't happen. Well, unless they forget the details too. You'd think after the first one they'd probably try to make sure that didn't happen again:/

 

[Stephanie Peterson]

If its a corporate phone she shouldn't be buggering about with resetting the thing, its the IT departments issue.
All of ours are locked down like this (both fruity and android ones)

Isnt there a "forgotten password" option, it will email details back to the account it was setup with? unless those have been forgotten as well, in which case the owner is too stupid to own a device if they cannot remember simple passwords and email account details.

 

[Mujja]

During account setup through accessbility settings you can start a YouTube clip and open YouTube's terms and conditions in a browser. Once you've launched Chrome there are various APKs you can download to create a new Google account and gain access.

Been a while since I had to unlock a phone, plenty of guides on the net.

 

[Energize]

If the IT department handled the primary accounts on those phones, that wouldn't happen. Well, unless they forget the details too. You'd think after the first one they'd probably try to make sure that didn't happen again:/

Unfortunately IT is outsourced to another organisation so what happens is that phones are just shipped to us and users are left to set them up themselves using guidance notes from the IT portal which of course no one ever reads. I work for a very large employer so issues like this are often not communicated from one department to another.

I always try to ensure that users create a google account using their corporate email address just in case they forget their password etc, but I never actually realised that google intentionally bricked phones if users forgot their google account!

 

[Energize]

During account setup through accessbility settings you can start a YouTube clip and open YouTube's terms and conditions in a browser. Once you've launched Chrome there are various APKs you can download to create a new Google account and gain access.

Does this work with the latest version of Android? I've just setup a phone to re-familiarise myself with the process of setting up the work phones and I can't believe there is absolutely no warning whatsoever about FRP or an option to switch it off, it's a fail-deadly mechanism they don't even tell you about!

I have to say my estimation of Google and the Android operating system has diminished over the years and I think I might put a different OS on my next phone.

 

[james.miller]

Good luck with that, iOS is the same. All you have to do is not forget the account you used on the phone and it wouldn't be an issue. It should be easy ...

Look for 'frp bypass' on YouTube, find the latest video and try it. At this stage you have nothing to lose.

 

[xb8browney]

Sounds like the phones are being factory reset via power and volume -/+ instead of being reset correctly.

 

[Stephanie Peterson]

Yup got a pile of fruity phones sitting on a desk all screwed up because the users thought they would play with them so its just the same with iOS

To be honest you really wouldnt want a security feature to be easy to break anyway, i mean its not as if its not there on purpose lol.

 

[neoboy]

IOS certainly isn't much different, have a locked iPod Touch because someone forgot the Apple ID and forgot to setup any kind of backup recovery options.

 

[Energize]

iOS?! Err, that's not what I was thinking of. There are a lot of now mature linux based OS available for phones that don't have the hindrances of Android or iOS.

To be honest you really wouldnt want a security feature to be easy to break anyway, i mean its not as if its not there on purpose lol.

No, but you would want it to be well documented and upfront, not hidden in the background and only discovered after the user has reset their phone...

Good luck with that, iOS is the same. All you have to do is not forget the account you used on the phone and it wouldn't be an issue. It should be easy ...

Except for when the service doesn't work properly... No one should be dependent on a 3rd party service for their phone to boot, it's very dangerous, if Googles server's have a problem (yet again) it renders your own personal device unusable.

 

[Em3bbs]

iOS?! Err, that's not what I was thinking of. There are a lot of now mature linux based OS available for phones that don't have the hindrances of Android or iOS.

If you consider having no popular apps as less of a hindrance than remembering the password of the account you set up a phone with for security reasons then all power to you. Not sure how well that will go down with your colleagues though.

 

[Energize]

If you consider having no popular apps as less of a hindrance than remembering the password of the account you set up a phone with for security reasons then all power to you. Not sure how well that will go down with your colleagues though.

My colleagues? What do my colleagues have to do with my personal phone?

Many of the Android Apps will run on a linux variant in any case.

 

[jsmoke]

Can you not just flash a custom ROM like lineageOS?

 

[Em3bbs]

My colleagues? What do my colleagues have to do with my personal phone?

Many of the Android Apps will run on a linux variant in any case.

Sorry, I assumed as you were talking about colleagues phones that you worked in IT department or something and were looking for a better solution for others.

Seeing that it's your own phone, I don't see the benefit of moving to a non standard 3rd party OS. Some apps will work, many won't. So many apps these days rely on Google Play Services, and even if you can sideload GPS it's a lot more of a ballache keeping things up to date and praying nothing goes wrong rather than worrying about when you want to factory reset your device. Just remember your password? Seems a lot easier.

 

[james.miller]

Except for when the service doesn't work properly... No one should be dependent on a 3rd party service for their phone to boot, it's very dangerous, if Googles server's have a problem (yet again) it renders your own personal device unusable.

Network access isn't required to verify the account after a factory reset as far as I know, if that's what you mean.

 

[BananaDunka]

So a colleague who I ordered a corporate phone for, has after factory resetting her phone apparently forgotten the google account she used when originally setting the phone up, the phone now appears to be basically bricked by this Android "security feature". The phone just keeps asking for the original google account associated with the phone in order to start it, this just seems like the stupidest "feature" I have ever come across and apparently according to another colleague has resulted in the business writing off over £1k worth of phones this year alone due to other colleagues doing the same thing. This is costing the business far more than the occasional theft of phones.

Is there absolutely no way to get into the phone with adb to unlock it?

And of greater concern is my personal phone, in case for some reason I can no longer get into the google account associated with my phone, that will be a £400 phone written off. Is there no way to remove this odious "feature" from my Android 9 phone?

It's not a stupid feature. I deal with Android devices and do resets and setups from new phones at work all the time when buying new phones. When resetting it asks you if you want to delete the Google account too and some devices even ask you to enter the logon details or unlock code of the device if one is set. Once this is done the phone is factory reset and can be set up as new. If someone just resets the phone without removing the Google account, it's still tied to that account on Google's servers so needs to know the phone hasn't simply been stolen and just factory reset using bootloader or safe mode etc.

This is a user error, not a phone or Google error. The person assigning the user a work phone should also be setting up the primary account on it as a work account that is then controlled through a policy. Most users aren't tech minded enough to be trusted to do technical things properly.

 

[Mekrel]

I think your angst is incorrectly directed at Google, surely your colleagues should take some responsibility if they're setting up accounts with details they have no chance of remembering?

Would you blame a bank for stopping an online transaction because you couldn't remember the 2nd, 5th & 7th letters of your memorable key word?

So because your colleagues are stupid enough to lock themselves out of their accounts, you're going to install another OS on your phone that removes a layer of security? Sounds like cutting your nose off to spite your face.

 

[Energize]

Sorry, I assumed as you were talking about colleagues phones that you worked in IT department or something and were looking for a better solution for others.

Seeing that it's your own phone, I don't see the benefit of moving to a non standard 3rd party OS. Some apps will work, many won't. So many apps these days rely on Google Play Services, and even if you can sideload GPS it's a lot more of a ballache keeping things up to date and praying nothing goes wrong rather than worrying about when you want to factory reset your device. Just remember your password? Seems a lot easier.

All my apps have a Linux equivalent or already have been compiled for Linux, web browser, media player, telegram, file explorer, ftp server etc. so I won't have any issues in that respect.

It's not simply about FRP I want to move away from Android because what was once a really open platform is becoming more closed and controlling of your device that it becomes a pia when trying to do some basic things.

I think your angst is incorrectly directed at Google, surely your colleagues should take some responsibility if they're setting up accounts with details they have no chance of remembering?

Would you blame a bank for stopping an online transaction because you couldn't remember the 2nd, 5th & 7th letters of your memorable key word?

That's a false analogy, everyone knows that banks block failed logins or pin numbers as a security feature. No standard user knows about FRP being installed on the phone and therefore does not take the necessary precautions. Furthermore when we are talking about a bank we are dealing with their systems, in the case of FRP we are talking about a personal device that the user should have master/root control over.

So because your colleagues are stupid enough to lock themselves out of their accounts, you're going to install another OS on your phone that removes a layer of security? Sounds like cutting your nose off to spite your face.

No, I'm installing another OS for a variety of reasons. Android just no longer meets my requirements anymore.